Sharpening strategic risk management

While conventional enterprise risk management (ERM) techniques have done a reasonable job in identifying and mitigating financial and operational risks, research shows that it is the management of strategic risk factors that will have the greatest impact on your ability to realise your strategic objectives. Bringing ERM into the forefront of strategic decision making and execution could thus give your business a decisive edge.

Strategic risks can be defined as the uncertainties and untapped opportunities embedded in your strategic intent and in how well it is executed. As such, they are key matters for the board and impinge on the whole business, rather than just an isolated unit.

Strategic risk management is your organisation’s response to these uncertainties and opportunities. It involves a clear understanding of corporate strategy, the risks in adopting it and the risks in executing it. These risks may be triggered from inside or outside your organisation. Once they are understood, you can develop effective, integrated, strategic risk mitigation.

Far from holding back the business, strategic risk management is about augmenting strategic management and getting the full value from your strategy. In a typical instance, a conventional approach to setting and executing strategy might look at sales growth and service delivery. Rarely does it monitor the risks of a shortfall in demand.

Key questions for the board

  1. How well is my strategy actually defined?
  2. How broad are the risks that we are considering?
  3. What risk scenarios have we considered to test our plans?
  4. Have we mapped our risks to key performance and value measures?

Risk Management: A Look Back at 2013 and Ahead to 2014

According to Yo Delmar, vice president of MetricStream, 2013 has been witness to extraordinary change. We are living and doing business in an increasingly global, mobile, social and Big Data world, fraught with new risks and complex regulations. As such, individuals and organizations are struggling to keep pace.

In response to greater uncertainty, complexity and volatility throughout 2013, we’ve seen increased convergence and alignment amongst internal teams, including IT, security and the business. As a result, organizations are better poised to provide the context for communicating risks. We’ve also seen the business ecosystem evolve to include geographically diverse vendors and third parties, and as a result, organizations must continue to view these entities as part of the organization itself, and manage them in a more tightly integrated way.

Growing convergence among IT, security and the business: The landscape of risk and compliance continues to evolve, as organizations are asked to manage their IT risk and compliance activities far beyond the basic audit and compliance requirements of the past. As new technologies bring their own set of unique risks, there is a growing disconnect among internal audit, security, compliance and the business on what it means to build, manage and lead a truly safe, secure and successful business.

As a result, we are seeing more focused efforts when it comes to getting these groups on the same page by building a common risk language, as well as a discussion framework to enable cross-functional collaboration. Doing so can set the context for communicating risks in a way that drives more effective governance and decision-making across the board of directors, executive management team and each respective business function.
